1. Field of the Invention
The present invention relates to a method and apparatus for protecting sensitive information on a portable device. More particularly, the present invention is directed to a method of protecting sensitive information on a portable device using a long passphrase.
2. Description of the Related Art
Mobile devices currently available in the market provide several functions. Examples of such devices include cellular phones, MP3 players, portable media players that play video, PDAs, digital cameras, portable game consoles, etc. The portable nature of these devices makes them very useful. In addition, these devices now include significant amounts of data storage. For example, an Apple iPod is available with and 80 GB drive. Several MP3 players with up to 10 GB of flash memory are already available. Some cell phones include 10 GB of storage.
The amount of storage space in these mobile devices is expected to increase over time. As a consequence, people are storing sensitive data on these devices. The sensitive data includes corporate and personal email, records of financial transactions, licensed music and movies, copies of government issued documents, financial and legal data, etc.
There is a need to protect the data on these devices since they can be lost or misplaced rather easily. In addition, since the devices contain sensitive data, they may be stolen. In the event a device is lost or stolen the user wants to make it very difficult for the finder to access the data stored on the device.
In order to meet this objective, the data on these devices can be encrypted with strong encryption techniques. Weak or short encryption keys or passwords will not suffice since the finder of the device theoretically has an unlimited amount of time to decipher the contents on the device. The finder/attacker could try a large number of short keys using brute force and eventually decrypt the data.
Stronger encryption techniques that are very difficult to decipher, however, demand that long encryption keys with a length of, for example, 256 bits or more, be used. This long key has to be provided to the device when the user wants to use it and access data from it.
An 8 character password from an alphabet of upper and lowercase characters plus numbers (say 64 symbols) only has an effective key length of 48 bits (8*6 bits). To provide a key length of 256 bits one would need a 43 character password/passphrase. Providing such a long key to the device in a usable, reliable and repeatable manner is challenging. There are several problems.
First, users are not likely to remember passwords that are longer than 8-10 characters. Longer passwords (passphrases/keys) that users could potentially remember can be subject to dictionary attacks, i.e., by checking phrases in a dictionary and then trying them as passphrases. Even if long passphrases can be memorized with effort, these devices typically do not have keyboards to enter long passwords.
Mobile devices are likely to be used in public spaces and this introduces additional challenges. For example, a solely voice based password may not be appropriate.
In practice, as a result of these issues, users resort to short passwords and hope that their device won't be lost or stolen. Thus, there is a need to create a new scheme to protect such data by making it easier for users to supply long encryption keys to mobile devices that have input limitations.
Present methods used to protect data on mobile devices include the keypad lock provided on cell phones, passwords on Blackberries, etc. In most cases the data on the device is not encrypted but access to the data is prevented by disabling the application until the right password is supplied. The keypad based security schemes for mobile devices can typically be broken through brute force techniques.
In some cases the device may lock the user out after a few tries but since the adversary has physical possession of the device he can attack it by bypassing this software and directly examining the storage device. For example, a storage card inside the device may be removed and read from another system.
In the simplest of the security schemes sometimes used on resource limited mobile devices the password entered by the user is compared against a stored password and if they match, the device allows access to the data on the device. This scheme is weak from the perspective of an attacker who can poke into the storage of the device and figure out what the right password is.
In some cases the passwords are transformed by a one-way hash function and the resulting hashes are stored on the mobile device. When a user logs in with a password, the entered password is hashed and checked with the hash associated with the registered password for the user. An attacker who knows the hash function and the hash output can figure out the password by trying different combinations of passwords and checking the resulting hashes. This task could be done on a powerful computer and therefore be fairly fast. Alternatively, the attacker may simply bypass the password check altogether and look at the data directly by examining the memory contents.
Some USB data keys have fingerprint sensors and require the user to validate the device with his fingerprint. This makes it possible to supply some user input through the USB key though it does not have a keyboard. One may think that a biometric such as a fingerprint or an iris scan can be converted to a unique encryption key and that the problem of supplying a strong password on mobile devices may be solved by using biometric keys. This is not, however, the case because the variability in the biometric input and the capture hardware does not make the process exactly repeatable. For example, the user may swipe the finger in a slightly different way than when he swiped his finger at registration time. For this reason it is not possible to take a hash of the registered biometric input and use it as the password since the hash will be different each time because of slight differences in the input. As a result, typically biometric verification gives a confidence interval for the match that can vary between consecutive attempts. In practice, some features of the registered biometric are determined are encrypted with a key and stored on the device if the authentication is done on locally on the device. When the user attempts to log in by supplying the biometric the features of the captured biometric are then compared with features of the registered biometric.
Typically low cost USB keys do not perform the authentication locally since they do not have a processor to do the decryption and comparison of features. Instead they use the PC to decrypt the encrypted features and perform the comparison. The key for decryption of the registered feature set is embedded in a software module in the device that runs on the PC. Some USB storage drives do include a processor to perform the decryption and comparison locally.
Some devices require a physical key or card to be attached to the device for it to function. For example, a USB key could be inserted into a desktop computer for authentication. The user could remove the key when the user is done and ensure that the desktop computer is protected when the user is away. While this works for some large stationary devices such as desktop computers that are difficult to carry around, it is not as useful in mobile devices. For example, if a mini-SD card containing the user's passphrase is used to supply the password, the user may likely keep the mini-SD card in the mobile device for convenience. In this case when the device is lost, the mini-SD card with the passphrase is lost as well.